It looks like some of GG plugins ((e.g. gg ETABS) use dotnet asp 6.0 for commutating with ETABS, which frankly not acceptable due to recently discovered CVEs, when are you planning to upgrade them?
Hi Tomo,
Thanks for the post. Can you clarify this a little? The Etabs plugin is built for Rhino8 using dotnet 7.0 and dotnet framework 4.8
It seems now Rhino supports dotnet 8.0 so I can also check that this could be included in the package. Would that satisfy your security concerns? How do you determine that there is an ASP reference or use? In particular there is no use of ASP to interface with Etabs (only referencing the CSi dll). We do use an internet based license server, but there is no ASP required for that.
Thanks,
Jon
Are you 100% certain that you are not using ASP6.0 or 7.0 for calling COM API functions?
Since I don’t have access to the source code, it’s very difficult for me to prove my theory. But here is a reasoning.
We’ve tested running Etabs plugins with 3 machines with the following dotnet versions installed. And the plugin only worked correctly (the inter communication part) with the machine that have the 6.0 & 7.0 ASP installed. Here is an interesting part - it works all fine except for pushing the data to Etabs, which got me to suspect ASP package.
Also note that dotnet 7.0 is out of support too, so please release the new version with dotnet 8.0…
Hope this helps to clarify the issue…
thx,
|
Tomohiro |
Sugeta |
|
|
Senior Structural Engineer |
|
Cundall |
|
香港灣仔軒尼詩道256號 The Hennessy 7樓 |
|
7/F The Hennessy, 256 Hennessy Road, Wanchai, Hong Kong |
|
www.cundall.com | People | Ideas | Projects | Instagram | Linkedin | Join |
I’ll reach out to you to discuss further. There is no reference to ASP6 or 7 that I can see.
1 Like